Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-31 | CVE-2022-40296 | Server-Side Request Forgery (SSRF) vulnerability in PHPpointofsale PHP Point of Sale 19.0 The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. | 9.8 |
| 2022-10-28 | CVE-2022-3708 | Server-Side Request Forgery (SSRF) vulnerability in Google web Stories The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. | 8.1 |
| 2022-10-26 | CVE-2022-43776 | Server-Side Request Forgery (SSRF) vulnerability in Metabase The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. | 6.5 |
| 2022-10-25 | CVE-2022-36451 | Server-Side Request Forgery (SSRF) vulnerability in Mitel Micollab A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. | 8.8 |
| 2022-10-25 | CVE-2022-38580 | Server-Side Request Forgery (SSRF) vulnerability in Zalando Skipper Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF). | 9.8 |
| 2022-10-25 | CVE-2022-41704 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. | 7.5 |
| 2022-10-25 | CVE-2022-42890 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. | 7.5 |
| 2022-10-17 | CVE-2022-42149 | Server-Side Request Forgery (SSRF) vulnerability in Keking Kkfileview 4.0.0 kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. | 9.8 |
| 2022-10-14 | CVE-2022-41477 | Server-Side Request Forgery (SSRF) vulnerability in Webidsupport Webid A security issue was discovered in WeBid <=1.2.2. | 9.1 |
| 2022-10-14 | CVE-2022-36802 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Align The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. | 4.9 |